Description of problem:
Implementation of http://projects.theforeman.org/issues/4238 introduced a BFA protection; however, this is not configurable at all (enable/disable, number of retries, blacklist timeout, etc.). It would be beneficial if I, as an admin, had a way to configure or completely disable the feature.

Version-Release number of selected component (if applicable):
satellite-6.4.0-15.el7sat.noarch

How reproducible:
always

Steps to Reproduce:
1. Go to Administer -> Settings and search for "failed_login_attempts_limit"

Actual results:
It is not there

Expected results:
It should be there
Upstream bug assigned to mhulan
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/22778 has been resolved.
Put qe_ack +, as this is an important fix (adding the ability to disable or to fine-tune the number of attempts of authenticated login to be considered as a brute-force attack) for the brute-force attack protection.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:1222